The use of teleradiological systems for medical image communication is increasing significantly. Digital images can be transferred over public telephone (e.g. ISDN) lines to colleagues for interpretation and/or consultation. Thus, a new quality is being introduced into the process of radiological diagnostics. However, technical implementation of such systems is accompanied by little consideration of legal, i.e. data protection and security, issues. In this paper we describe a concept for data protection in teleradiology which unites aspects of privacy and security as well as user aspects. After highlighting the legal situation in Germany we describe the methodology used for deriving the security profile for teleradiology in Germany. As a result the set of security measures which have to be employed with a teleradiology system is listed. A detailed description follows of how the software requirements are implemented in the teleradiology software MEDICUS.